September 25, 2019

SSH: How to identify which key to use when AgentForwarding is in use

https://superuser.com/questions/273037/using-the-identityfile-directive-in-ssh-config-when-agentforwarding-is-in-use 


You can use the public part of a key to specify which private key you want to use from the forwarded agent. ssh only needs the public half to look up the matching private key in the agent, so this requires creating one extra file (the public part of the key) on each “intermediate” machine (a machine to which you forward your local ssh-agent); no private key material ever has to be copied there.
  1. Arrange for the intermediate machine to have a copy of the public part of the desired key in a convenient location (e.g. ~/.ssh/some_other_key.pub).
    From any machine that already has the public part of the key:
    scp some_other_key.pub intermediate:.ssh/
    
    or, on the intermediate machine, straight from the forwarded agent:
    ssh-add -L | grep something_unique > ~/.ssh/some_other_key.pub
    
    ssh-add -L prints one line per key loaded in the agent, so something_unique must match exactly one line (usually a distinctive word in the key’s trailing comment field); check that the resulting file contains a single line before relying on it.
    You may want to edit the trailing “comment” part of the public key to better identify the key’s origin/owner/purpose (or, conversely, to hide it). The comment is not part of the key itself, so changing it does not affect authentication.
  2. Use the pathname of the above public key file with -i or IdentityFile. When the file named there is a public key, ssh uses it to pick the matching private key out of the agent.
  3. You may also need IdentitiesOnly yes (in .ssh/config or via -o) to keep ssh from offering every other identity in your forwarded agent as well; with many keys loaded, those extra attempts can exhaust the server’s MaxAuthTries before the right key is ever offered.
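The steps above, carried out by a small script, as an added example that is not part of the original post or of the linked superuser answer. It assumes the key is identified by a substring of its comment field, that the listing comes from ssh-add -L on the intermediate machine (replaced here by constructed sample data so the script runs offline), and that the host name and paths are placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): select exactly one key out of
# an ssh-agent listing, save its public half as a .pub file for use with
# -i / IdentityFile, and emit the matching ssh_config stanza.
#
# Assumptions, none of which come from the original post:
#   - the key is identified by a substring of its comment field (PATTERN);
#   - the listing comes from `ssh-add -L` on the intermediate machine, here
#     replaced by constructed sample data so the script runs offline;
#   - target.example.org and the file paths are placeholders.

# Constructed sample of `ssh-add -L` output: two keys, plus the message
# ssh-add prints when no agent is reachable, to show that it is filtered out.
SAMPLE_AGENT_LISTING='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedKeyBlobOne000000000000000 alice@laptop-work
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQConstructedKeyBlobTwo000000000000000 alice@laptop-personal
Could not open a connection to your authentication agent.'

# select_pubkey PATTERN OUTFILE
#   Reads `ssh-add -L` output on stdin and writes the single matching key line
#   to OUTFILE. Zero or multiple matches are an error, so a vague pattern can
#   never silently select the wrong key. Only lines that look like a public
#   key ("<type> <base64> <comment>") are considered, which drops ssh-add's
#   own error messages.
select_pubkey() {
    pattern=$1
    outfile=$2
    matches=$(awk -v pat="$pattern" '
        $1 ~ /^(ssh-|ecdsa-|sk-)/ && NF >= 3 {
            comment = $0
            sub(/^[^ ]+ +[^ ]+ +/, "", comment)   # strip key type and key blob
            if (index(comment, pat)) print
        }')
    n=$(printf '%s' "$matches" | awk 'NF { c++ } END { print c + 0 }')
    case $n in
        1) printf '%s\n' "$matches" > "$outfile" ;;
        0) echo "select_pubkey: no agent key has '$pattern' in its comment" >&2
           return 1 ;;
        *) echo "select_pubkey: $n agent keys match '$pattern'; be more specific" >&2
           return 1 ;;
    esac
}

# write_config_stanza HOST PUBFILE
#   Prints the ~/.ssh/config entry that pins HOST to the key in PUBFILE and
#   stops ssh from also offering every other identity in the forwarded agent.
write_config_stanza() {
    printf 'Host %s\n    IdentityFile %s\n    IdentitiesOnly yes\n' "$1" "$2"
}

# Offline demonstration on the constructed listing. On a real intermediate
# machine the first line would instead be:
#   ssh-add -L | select_pubkey work ~/.ssh/some_other_key.pub
demo_pub=$(mktemp)
printf '%s\n' "$SAMPLE_AGENT_LISTING" | select_pubkey work "$demo_pub"
write_config_stanza target.example.org ~/.ssh/some_other_key.pub
rm -f "$demo_pub"
```

After writing the file, ssh-keygen -lf ~/.ssh/some_other_key.pub prints its fingerprint, which should match the corresponding entry in ssh-add -l on the intermediate machine; ssh -v target.example.org then shows "Offering public key" for that one key only.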
